minor issue:
I am not sure if this is a known issue but i found this problem today.
I have a docBase=/user/home/xxx/aplication
and I have placed a security-constraint
<url-pattern>/user/*</url-pattern>
in the $docBase/WEB-INF/web.xml file
to protect files in this $docBase/user directory
the problem is that tomcat will protect the entire web (from the top)
and not just the $docBase/user directory that i intended to protect
as i believe tomcat matches the /user pattern in the root directory
and not the $docBase/user pattern
i got around it by changing the protecting directory to $docBase/xuser
Chris
